PCI Blog

A massive malware attack is spreading globally and has already hit National Health Service hospitals in and around England as well as hundreds, possibly thousands, of other major organizations. Telefonica, FedEx, and Gas Natural are a few notable firms that have been hit with [read more]

The Unofficial PCI Blog, PCIBlog.org, is excited to announce the launch of its Compliance & IT Security Discussion Forum! PCIBlog.org is already the most trusted information source for PCI compliance and security, and is now launching its discussion forum to connect industry professionals. The Forum [read more]

PCIBlog.org will occasionally send its subscribers Security Alerts regarding PCI SSC and payments industry critical updates via email. With the heavy push for EMV migration in the U.S., many merchants understood EMV to be the “end all be all” of payments security. As we’ve [read more]

PCI Validated Point-to-Point Encryption (P2PE) has quickly become the standard that merchants are moving towards to remove their POS, network and supporting infrastructure from the scope of PCI DSS compliance. Merchants who utilize a PCI Validated P2PE solution and properly implement it automatically qualify for [read more]

Unless you’re an industry expert, understanding the many industry technologies such as Point-to-Point Encryption (P2PE), EMV and Tokenization – and their confusing acronyms – can be extremely difficult. For most merchants, payments security focuses on three major goals: Prevent a data breach by limiting or removing [read more]

Sophisticated overlay skimmers have been found at Walmart on Ingenico iSC250 devices. The new skimmers are extremely difficult to detect, as they are a full device overlay. [read more]

On February 13, 2015, the PCI SSC released a bulletin announcing that Secure Sockets Layer (SSL) is no longer considered a secure, strong cryptographic protocol for the transmission of data. The special bulletin, which can be found here, stated the following: The National Institute of [read more]

If understanding the PCI scope reduction benefits of enterprise security solutions wasn’t confusing enough, many companies have doubled down by spreading misinformation around point-to-point encryption versus end-to-end encryption, or P2PE vs E2EE. As an independent IT security and PCI blog, we decided to write this article in an effort [read more]